Frends Azure Architecture
Azure Components
The Frends iPaaS service utilizes the following Microsoft Azure components and is delivered from Azure North Europe (Ireland) and Azure West Europe (Netherlands) data centres:
The Azure virtual network enables Frends Azure resources to securely communicate with each other, the internet, and on-premises networks.
All connections to Frends are secured using valid SSL certificates and pass through the Azure WAF.
An Agent has different databases to store configuration data, cache log data and store a shared state between Agents inside of an Agent Group.
When Agents inside of an Agent Group are configured to function as a High Availability (HA) group (this is set by default when there is more than one Agent), they require a shared state store to orchestrate File Watch, Schedule and Conditional Triggers.
It is possible, although not recommended, to install more than one Agent without a shared state store. In this case only one predefined Primary Agent (not dynamic) executes File, Schedule and Conditional Triggers. This is not a recommended installation model and may not support all future features.
The Agent supports the following databases:
Microsoft SQL Server
Can be used for configuration and shared state storage
Secured either through an SQL Login or Integrated security
Agent user has the following access to the database: db_datareader, db_datawriter, execute
SQLite
Used for caching log data when there's no access to the Service Bus or Azure Storage
Can be used by the Cross-platform Agent for Configuration storage
Can be used by the Cross-platform Agent for shared state storage when in a non-HA configuration
Secured through file access on the local machine
The Agent's access to the Blob Storage is SSL secured and authenticated with limited access Shared Access Signatures (SAS) at a Blob Container or Blob level. The Agent uses the Blob storage for the following purposes:
Reading and writing to the Large Message Storage:
Used to store messages that do not fit inside of a single Azure Service Bus Message (>200KB)
Each Agent Group has its own Blob container for storing large messages
Service Bus messages contain a SAS signed URI to access the Blob containing the large messagesRetrieving compiled Processes as NuGet packages (NuGet repository) (Used by the Legacy Agent)
Retrieving compiled Processes as Process Host packages (Process host package store) (Used by the Cross-platform Agent)
The Agent requires connectivity to the Azure or Cleura cloud where the Frends Control Panel is hosted. It mainly uses the Azure Service Bus or RabbitMQ as a message bus for communication and Azure Storage or Ceph (Blob storage) for larger data amounts.
Connections to the Message Bus are SSL secured and the Agent uses a limited access connection string for authentication. The Agent uses the Message Bus for the following purposes:
Receiving Process deployments from the Control Panel
Receiving other configuration data from the Control Panel, such as Environment Variables, API Key configurations, OAuth settings, etc
Sending Process log data to the Log Service
Sending Heartbeats and system log data to the Log Service
Requesting Remote Subprocess executions on Agents in the same Environment
Receiving Remote Subprocess execution requests from Agents in the same Environment
Receiving Manual Process execution requests from the Control Panel
Frends stores secure keys and certificates in the Azure Key Vault and accessed by the web application when needed.
The next article is Introduction to Development Flow
โ